jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add httponly constraint to user_name cookie #2621

Browse Source
This commit is contained in:
r888888888
2016-07-12 12:30:01 -07:00
parent c2d09af089
commit 8ea992168b
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/logical/session_creator.rb
View File

@@ -18,7 +18,8 @@ class SessionCreator
if remember.present? if remember.present?
cookies.permanent.signed[:user_name] = { cookies.permanent.signed[:user_name] = {
:value => user.name, :value => user.name,
:secure => secure :secure => secure,
:httponly => true
} }
cookies.permanent[:password_hash] = { cookies.permanent[:password_hash] = {
:value => user.bcrypt_cookie_password_hash, :value => user.bcrypt_cookie_password_hash,